Hackers aren't criminals
                     -- they're the best kind of
                     security
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                     Victor Keong, a computer security
                     specialist with Deloitte & Touche, recently
                     advised us in this column not to hire
                     hackers (Don't Hire DefCon Hackers --
                     Aug. 8). Specifically, we shouldn't hire
                     hackers who attend DefCon, the world's
                     largest hacker convention held annually
                     over the past eight years in Las Vegas. We
                     should hire Mr. Keong and others like him,
                     he says, because he is not a hacker, nor
                     does he have body piercings, dye his hair
                     blue, or use a pseudonym. Forgive me for
                     not taking his advice.

                     Mr. Keong, I'm certain, is a very
                     competent security professional. He is not,
                     however, very well attuned to the hacking
                     community. His commentary read like a
                     cautionary tale against hiring accountants
                     from the Mafia. It's good advice, if he had
                     all of his facts right. But since he mentioned
                     by name someone whom I have just hired,
                     I would like to correct some
                     misperceptions.

                     Some hackers use handles, as do rappers
                     and CB radio operators. Big deal -- it's a
                     cultural thing. And Mudge, one of the
                     world's most famous computer security
                     experts, uses one too. I just arranged for
                     Mudge to serve on our technical advisory
                     board, along with two other hackers
                     Dildog and Reid Fleming.

                     But back to Mudge. He's an A-list hacker
                     -- he's not a criminal, an amoral
                     supergenius or an irresponsible person. He
                     is -- the singularity of his name
                     notwithstanding -- the founding director of
                     the Lopht, a hacker think tank in Boston;
                     an adviser to U.S. President Bill Clinton on
                     Internet security; and, vice-president of
                     research and development for @Stake, a
                     company dedicated to securing the Internet
                     economy. Interestingly enough, Mudge and
                     Mr. Keong compete for many of the same
                     clients, although I'm willing to allow that
                     Mr. Keong might not have known this.

                     So what exactly is a hacker? First, let's
                     define what a hacker is not. A hacker is
                     not a criminal. The people with funny
                     names who are arrested for stealing credit
                     cards or shutting down Yahoo are not
                     hackers. They are criminals. Other people
                     with funny names who advise the president
                     of the United States, NASA, and various
                     three-letter agencies, are not criminals.
                     They are computer security professionals.
                     Granted, not everyone who attends
                     DefCon has a client list like Mudge's, but
                     some approach it.

                     DefCon was originally organized to put
                     hackers together with law enforcement. In
                     fact, one of the most amusing parts of this
                     convention is the "spot the fed" contest.
                     This is a game in which feds who try to
                     attend covertly are publicly outed. It's all in
                     good fun, and in fact, the feds love it. They
                     come to DefCon to learn alongside the
                     hacking community about the
                     bleeding-edge exploits that will haunt
                     Internet security. They also show up to do
                     some recruiting, unlike Mr. Keong. The
                     feds have learned something that business
                     would do well to emulate If you want to
                     catch a cracker, you'd better hire a hacker.

                     Playing on stereotypes does not advance
                     public understanding of the hacker
                     community. Of course, many DefCon
                     attendees do fall into the Hollywood cast
                     of hacker misfits. But the majority of
                     people whom I trust and know well evade
                     such convenient labelling. My only
                     disappointment with DefCon this year was
                     that two hackers whom I wanted to hire
                     are currently unavailable. Perhaps if I toss
                     some body piercings and tattoos into the
                     employment package, they might take me
                     up on the offer.
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